User: Password:
|
|
Subscribe / Log in / New account

Your visual how-to guide for SELinux policy enforcement (opensource.com)

Your visual how-to guide for SELinux policy enforcement (opensource.com)

Posted Dec 3, 2013 19:53 UTC (Tue) by BenHutchings (subscriber, #37955)
In reply to: Your visual how-to guide for SELinux policy enforcement (opensource.com) by flewellyn
Parent article: Your visual how-to guide for SELinux policy enforcement (opensource.com)

Presumably something like:

addr="$(awk '$3 == "signedonly" { print $1 }' /proc/kallsyms)"
# exploit bug to write 0 to $addr


(Log in to post comments)

Your visual how-to guide for SELinux policy enforcement (opensource.com)

Posted Dec 3, 2013 20:02 UTC (Tue) by mjg59 (subscriber, #23239) [Link]

You don't need a bug. There's plenty of ways to modify kernel memory if you're root.

Your visual how-to guide for SELinux policy enforcement (opensource.com)

Posted Dec 3, 2013 20:40 UTC (Tue) by BenHutchings (subscriber, #37955) [Link]

I was assuming a generic script. Given CONFIG_DEVKMEM is disabled, I think all the methods you've identified involve firmware or peripheral DMA masters. Are there generic ACPI methods that can be used for this?

Your visual how-to guide for SELinux policy enforcement (opensource.com)

Posted Dec 3, 2013 21:00 UTC (Tue) by mjg59 (subscriber, #23239) [Link]

kexec's an obvious one.


Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds